CVSS: 3.3EPSS: 2%CPEs: 110EXPL: 1CVE-2014-1447 – libvirt: denial of service with keepalive
https://notcve.org/view.php?id=CVE-2014-1447
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Condición de carrera en la función virNetServerClientStartKeepAlive en libvirt anteriores a 1.2.1 permite a atacantes remotos causar denegación de servicio (caída de libvirtd) mediante el cierre de conexiones antes de que una respuesta keepalive sea enviada. • https://github.com/tagatac/libvirt-CVE-2014-1447 http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2014-0103.html http://secunia.com/advisories/56321 http://secunia.com/advisories/56446 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.debian.org/security/2014/dsa-2846 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-6436
https://notcve.org/view.php?id=CVE-2013-6436
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. El método lxcDomainGetMemoryParameters en lxc/lxc_driver.c en libvirt 1.0.5 a 1.2.0 no comprueba correctamente el estado de invitados LXC cuando lee configuraciones de memoria, lo cual permite a usuarios locales causar denegación de servicio (referencia a puntero a NULL y caída de libvirtd) a través de un invitado en el estado de apagado, como se demuestra con el comando "virsh memtune". • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html http://osvdb.org/101485 http://secunia.com/advisories/56245 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.ubuntu.com/usn/USN-2093-1 https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4401
https://notcve.org/view.php?id=CVE-2013-4401
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. La función de la API virConnectDomainXMLToNative en libvirt versiones 1.1.0 hasta 1.1.3, comprueba el permiso connect:read en lugar del permiso connect:write, que permite a los atacantes conseguir privilegios domain:write y ejecutar archivos binarios de Qemu por medio de un XML diseñado. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c http://secunia.com/advisories/55210 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://wiki.libvirt.org/page/Maintenance_Releases http://www.securitytracker.com/id/1029241 http://www.ubuntu.com/usn/USN-2026-1 https://bugzilla.redhat.com/show_bug.cgi?id=1015259 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 95EXPL: 1CVE-2013-4297
https://notcve.org/view.php?id=CVE-2013-4297
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. La función virFileNBDDeviceAssociate en util/virfile.c en libvirt v1.1.2 y anteriores permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia a puntero no inicializado y caída) a través de vectores no especificados. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2 http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 2CVE-2013-2218 – libvirt - 'virConnectListAllInterfaces' Method Denial of Service
https://notcve.org/view.php?id=CVE-2013-2218
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. Vulnerabilidad de doble liberación en el método virConnectListAllInterfaces en interface/interface_backend_netcf.c de libvirt 1.0.6 permite a atacantes remotos causar una denegación de servicio (caída de libvirtd) a través de un flag "filtering" que causa que un interfaz sea omitido, como fue demostrado por el comando "virsh iface-list --inactive". • https://www.exploit-db.com/exploits/38622 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11 http://libvirt.org/news.html http://www.openwall.com/lists/oss-security/2013/07/01/6 https://bugzilla.redhat.com/show_bug.cgi?id=980112 • CWE-399: Resource Management Errors •